webvictim
- Karma
- 159
- Created
- March 21, 2013 (13y ago)
- Submissions
- 0
Devops Engineer at https://goteleport.com
[ my public key: https://keybase.io/webvictim; my proof: https://keybase.io/webvictim/sigs/CpqUgeYKI_OlnkrSjacQxw1_-F6RgVvjHokfFR9f5II ]
[ my public key: https://keybase.io/webvictim; my proof: https://keybase.io/webvictim/sigs/CpqUgeYKI_OlnkrSjacQxw1_-F6RgVvjHokfFR9f5II ]
I genuinely thought the same thing. I opened my MBP and it was sluggish, felt like it was dead. Browser wouldn't load, Zoom wouldn't load, I rebooted and the same problems persisted. I honestly thought the hardware was…
The problems are very real if you work at any large organisation which has compliance requirements.
Setting all of that infrastructure up and subsequently maintaining it involves a considerable amount of time and knowledge. Some people just want a solution that's easy to deploy and that handles all of the management…
Yes, even for very regular users I would recommend setting up a process requiring users to get a new certificate on a daily basis with a short validity period. You can automate a lot of this and make it a simple…
It's something of an implementation detail - you don't generally specify the usage of certs on a user-by-user level, you do it by trusting the entire CA in /etc/ssh/sshd_config and then using the signed content of the…
Author here. My take on this is that fail-closed is a vastly better security model than fail-open. I am genuinely surprised that OpenSSH actually issues certificates with no expiry date as a default. If you have a…
Author here - yes, this is why. I looked into Ed25519 and while there are a lot of great reasons to use it (such as a shorter key footprint and it being much quicker on mobile devices), RSA is still more widely…
Don't get me wrong, using AuthorizedKeysCommand is a lot better than having a static ~/.ssh/authorized_keys file on a server, but it isn't anything like as powerful as using user certificates. Certificates can do a lot…
Having been on the rough end of this during a huge LDAP outage, I can confirm that LDAP is great until such time as it isn't.
This is definitely the premise of what I was going for with the post. I'm a firm believer in the idea that short-lived certificates which expire by default are one of the best ways to provide access to infrastructure,…
Author here - thanks for the feedback. As another reply points out, I did try to also cover the use of a bastion host along with one form of 2-factor authentication. I'm considering doing a future post on how to set up…
Author here. If you specify an IdentityFile then that’ll be tried first (as an explicit identity) but if that doesn’t work then by default, ssh-agent identities will be tried sequentially afterwards. IdentitiesOnly…
Maybe banners, artwork, bio, follow relevant accounts, make some starter tweets with popular hashtags to get some follows back, interaction with some key people. I wouldn’t pay for it personally but someone might.
FYI, I was hired by Gravitational back in April 2018 and I was given that same take-home assignment as part of the interview process - to write a CNI plugin for k8s which created an encrypted mesh network between nodes.…
The drain on the systems in Europe from those who are “gaming the system” and who are long term sick pales into insignificance when you consider the overall savings due to the collective bargaining power of a…
https://www.quora.com/What-are-the-salary-ranges-of-each-lev... https://www.glassdoor.com/Salary/Google-Salaries-E9079.htm It seems similar to the way it was at Facebook in that when you start, you'll be assigned a…
Commits are a really terrible metric when it comes to measuring productivity for this exact reason.
My family weren't at all well off when I was growing up in the UK, but my Dad had some contacts in a local IT business who had a spare BBC microcomputer that he got hold of around 1988 when they were throwing it away. I…
The shorter way of expressing a similar sentiment is 'virtue signalling'.
Watch some early videos of Zuck and it'll be much more obvious. He's had a lot of training in public speaking and engagement and he's a ton better than he used to be now. I'm not saying he's autistic, but he has the…
There are no companies which have such a policy, because it's illegal.
Collaboration has definitely got a lot better than it was years ago; FB has probably managed it better than anywhere I've worked before. The amount of money and effort they've invested into video conferencing facilities…
Yes, it worked much better against the hum of the A/C units than the chatter.
Haha, thank you. My heritage is clearly given away by my phraseology :)
I used to work there and my team was unfortunate enough to get relocated to a set of desks near a ping pong table during a floor reshuffle. It was noisy, infuriating and a huge distraction. The ping pong noise itself…